[RndTbl] Hey security guys!
Sean Cody
sean at tinfoilhat.ca
Mon Mar 24 15:29:23 CDT 2014
On 2014-03-24 15:03, Sean Cody wrote:
> Service accounts are created with ridiculously high entropy passwords
> I never record (e.g. 'openssl rand 1024 | openssl dgst -sha1 | cut -f2
> -d\ ').
>
Since Adam will undoubtedly catch this... this should read 'reasonably
high entropy', given that digests are a-z0-9, so the language space is
reasonable entropy and (depending on who you talk to) mitigated by large
string length.
You can just use 'openssl rand -base64 1024' and combine the line feeds
and get an additional 8 bits of entropy, or 'strings < /dev/urandom' blah
blah blah. It all comes down to... make it random, complicated, and
ridiculously annoying to type. This way you make the mechanism easier
to use than just doing it manually. :)
--
Sean
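An added illustration of the three password-generation pipelines mentioned in the message above (not code from the original post or from the list): each function mirrors one of the openssl / /dev/urandom command lines in Python's standard library, and entropy_bits() puts a number on the "reasonable vs. ridiculous" distinction. The function names, the 1024-byte default and the 64-character default are my own choices; the entropy bound is the usual len * log2(|alphabet|), capped by the bits of randomness that actually fed the output, which is what makes the SHA-1 variant top out at 160 bits no matter how many random bytes go in.

```python
import base64
import hashlib
import math
import secrets
import string

# Output alphabets of each pipeline (hex digests are 0-9a-f, not a-z0-9).
HEX_ALPHABET = "0123456789abcdef"
B64_ALPHABET = string.ascii_letters + string.digits + "+/"
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

SHA1_BITS = 160  # a SHA-1 digest can never carry more than this


def digest_password(nbytes: int = 1024) -> str:
    """Mirror of `openssl rand N | openssl dgst -sha1 | cut -f2 -d' '`.

    Whatever N is, the result is the 40-hex-character SHA-1 of N random
    bytes, so the password length and entropy are fixed by the digest.
    """
    return hashlib.sha1(secrets.token_bytes(nbytes)).hexdigest()


def digest_source_bits(nbytes: int) -> int:
    """Randomness that survives the digest: min(input bits, digest size)."""
    return min(8 * nbytes, SHA1_BITS)


def base64_password(nbytes: int = 1024) -> str:
    """Mirror of `openssl rand -base64 N | tr -d '\\n'`.

    Base64 of N random bytes with the line feeds removed; the trailing
    '=' padding is dropped since it carries no randomness.
    """
    encoded = base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")
    return encoded.replace("\n", "").rstrip("=")


def urandom_password(length: int = 64, alphabet: str = PRINTABLE) -> str:
    """Mirror of the `strings < /dev/urandom` idea: draw each character
    uniformly from `alphabet` using the OS CSPRNG (secrets.choice)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def in_alphabet(password: str, alphabet: str) -> bool:
    """Sanity check that a generated password only uses the expected symbols."""
    return all(c in alphabet for c in password)


def entropy_bits(password: str, alphabet: str, source_bits: float = math.inf) -> float:
    """Upper bound on the entropy of `password`.

    len * log2(|alphabet|) is the most a uniformly drawn string of that
    length can hold; it is further capped by `source_bits`, the amount of
    randomness that fed the generator (e.g. 160 for a SHA-1 digest).
    """
    return min(len(password) * math.log2(len(alphabet)), source_bits)


def compare(nbytes: int = 1024, length: int = 64) -> dict:
    """Entropy bound of each pipeline for the same inputs, for side-by-side reading."""
    return {
        "sha1_digest": entropy_bits(digest_password(nbytes), HEX_ALPHABET,
                                    digest_source_bits(nbytes)),
        "base64": entropy_bits(base64_password(nbytes), B64_ALPHABET, 8 * nbytes),
        "urandom_printable": entropy_bits(urandom_password(length), PRINTABLE),
    }


if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:>18}: ~{bits:.0f} bits")
```

Running it shows the point of the correction in the message: piping 1024 random bytes through SHA-1 yields 160 bits (40 hex characters), the same as hashing 20 bytes would, while the base64 form keeps the full 8192 bits of the input, at the cost of a 1366-character string that nobody will ever type by hand.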